Multiple Iranian actors have launched attacks against the Albanian government

Threat Level

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

Threat actors acting on behalf of the Iranian government launched a devastating attack that knocked the Albanian government’s websites and public services down. Each stage of the attack was carried out by a different actor: DEV-0861 carried out the initial compromise and data exfiltration; DEV-0166 stole data; DEV-0133 examined the victim’s infrastructure; DEV-0842 distributed ransomware and wiper software.